Page MenuHomePhabricator
Differential D9376 Diff 28103 src/secp256k1/src/modules/schnorr/main_impl.h

Changeset View

Standalone View

View Options

src/secp256k1/src/modules/schnorr/main_impl.h

/********************************************************************** /**********************************************************************
* Copyright (c) 2017 Amaury Séchet * * Copyright (c) 2017 Amaury Séchet *
* Distributed under the MIT software license, see the accompanying * * Distributed under the MIT software license, see the accompanying *
* file COPYING or http://www.opensource.org/licenses/mit-license.php.* * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
**********************************************************************/ **********************************************************************/
#ifndef SECP256K1_MODULE_SCHNORR_MAIN #ifndef SECP256K1_MODULE_SCHNORR_MAIN
#define SECP256K1_MODULE_SCHNORR_MAIN #define SECP256K1_MODULE_SCHNORR_MAIN
#include "include/secp256k1_schnorr.h" #include "include/secp256k1_schnorr.h"
#include "modules/schnorr/schnorr_impl.h" #include "modules/schnorr/schnorr_impl.h"
int secp256k1_schnorr_verify( int secp256k1_schnorr_verify(
const secp256k1_context* ctx, const secp256k1_context* ctx,
const unsigned char *sig64, const unsigned char *sig64,
const unsigned char *msg32, const unsigned char *msghash32,
const secp256k1_pubkey *pubkey const secp256k1_pubkey *pubkey
) { ) {
secp256k1_ge q; secp256k1_ge q;
VERIFY_CHECK(ctx != NULL); VERIFY_CHECK(ctx != NULL);
ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx)); ARG_CHECK(secp256k1_ecmult_context_is_built(&ctx->ecmult_ctx));
ARG_CHECK(msg32 != NULL); ARG_CHECK(msghash32 != NULL);
ARG_CHECK(sig64 != NULL); ARG_CHECK(sig64 != NULL);
ARG_CHECK(pubkey != NULL); ARG_CHECK(pubkey != NULL);
if (!secp256k1_pubkey_load(ctx, &q, pubkey)) { if (!secp256k1_pubkey_load(ctx, &q, pubkey)) {
return 0; return 0;
} }
return secp256k1_schnorr_sig_verify(&ctx->ecmult_ctx, sig64, &q, msg32); return secp256k1_schnorr_sig_verify(&ctx->ecmult_ctx, sig64, &q, msghash32);
} }
int secp256k1_schnorr_sign( int secp256k1_schnorr_sign(
const secp256k1_context *ctx, const secp256k1_context *ctx,
unsigned char *sig64, unsigned char *sig64,
const unsigned char *msg32, const unsigned char *msghash32,
const unsigned char *seckey, const unsigned char *seckey,
secp256k1_nonce_function noncefp, secp256k1_nonce_function noncefp,
const void *ndata const void *ndata
) { ) {
secp256k1_scalar sec; secp256k1_scalar sec;
secp256k1_pubkey pubkey; secp256k1_pubkey pubkey;
secp256k1_ge p; secp256k1_ge p;
int overflow; int overflow;
int ret = 0; int ret = 0;
int pubkeyret; int pubkeyret;
VERIFY_CHECK(ctx != NULL); VERIFY_CHECK(ctx != NULL);
ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx));
ARG_CHECK(msg32 != NULL); ARG_CHECK(msghash32 != NULL);
ARG_CHECK(sig64 != NULL); ARG_CHECK(sig64 != NULL);
ARG_CHECK(seckey != NULL); ARG_CHECK(seckey != NULL);
pubkeyret = secp256k1_ec_pubkey_create(ctx, &pubkey, seckey); pubkeyret = secp256k1_ec_pubkey_create(ctx, &pubkey, seckey);
secp256k1_declassify(ctx, &pubkeyret, sizeof(pubkeyret)); secp256k1_declassify(ctx, &pubkeyret, sizeof(pubkeyret));
if (!pubkeyret) { if (!pubkeyret) {
return 0; return 0;
} }
secp256k1_declassify(ctx, &pubkey, sizeof(pubkey)); secp256k1_declassify(ctx, &pubkey, sizeof(pubkey));
if (!secp256k1_pubkey_load(ctx, &p, &pubkey)) { if (!secp256k1_pubkey_load(ctx, &p, &pubkey)) {
return 0; return 0;
} }
secp256k1_scalar_set_b32(&sec, seckey, &overflow); secp256k1_scalar_set_b32(&sec, seckey, &overflow);
overflow |= secp256k1_scalar_is_zero(&sec); overflow |= secp256k1_scalar_is_zero(&sec);
secp256k1_scalar_cmov(&sec, &secp256k1_scalar_one, overflow); secp256k1_scalar_cmov(&sec, &secp256k1_scalar_one, overflow);
ret = secp256k1_schnorr_sig_sign(ctx, sig64, msg32, &sec, &p, noncefp, ndata); ret = secp256k1_schnorr_sig_sign(ctx, sig64, msghash32, &sec, &p, noncefp, ndata);
if (!ret) { if (!ret) {
memset(sig64, 0, 64); memset(sig64, 0, 64);
} }
secp256k1_scalar_clear(&sec); secp256k1_scalar_clear(&sec);
return !!ret & !overflow; return !!ret & !overflow;
} }
#endif #endif